{
  "threat_severity" : "Moderate",
  "public_date" : "2025-02-26T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: blk-throttle: Set BIO_THROTTLED when bio has been throttled",
    "id" : "2347776",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2347776"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-416",
  "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\nblk-throttle: Set BIO_THROTTLED when bio has been throttled\n1.In current process, all bio will set the BIO_THROTTLED flag\nafter __blk_throtl_bio().\n2.If bio needs to be throttled, it will start the timer and\nstop submit bio directly. Bio will submit in\nblk_throtl_dispatch_work_fn() when the timer expires.But in\nthe current process, if bio is throttled. The BIO_THROTTLED\nwill be set to bio after timer start. If the bio has been\ncompleted, it may cause use-after-free blow.\nBUG: KASAN: use-after-free in blk_throtl_bio+0x12f0/0x2c70\nRead of size 2 at addr ffff88801b8902d4 by task fio/26380\ndump_stack+0x9b/0xce\nprint_address_description.constprop.6+0x3e/0x60\nkasan_report.cold.9+0x22/0x3a\nblk_throtl_bio+0x12f0/0x2c70\nsubmit_bio_checks+0x701/0x1550\nsubmit_bio_noacct+0x83/0xc80\nsubmit_bio+0xa7/0x330\nmpage_readahead+0x380/0x500\nread_pages+0x1c1/0xbf0\npage_cache_ra_unbounded+0x471/0x6f0\ndo_page_cache_ra+0xda/0x110\nondemand_readahead+0x442/0xae0\npage_cache_async_ra+0x210/0x300\ngeneric_file_buffered_read+0x4d9/0x2130\ngeneric_file_read_iter+0x315/0x490\nblkdev_read_iter+0x113/0x1b0\naio_read+0x2ad/0x450\nio_submit_one+0xc8e/0x1d60\n__se_sys_io_submit+0x125/0x350\ndo_syscall_64+0x2d/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xa9\nAllocated by task 26380:\nkasan_save_stack+0x19/0x40\n__kasan_kmalloc.constprop.2+0xc1/0xd0\nkmem_cache_alloc+0x146/0x440\nmempool_alloc+0x125/0x2f0\nbio_alloc_bioset+0x353/0x590\nmpage_alloc+0x3b/0x240\ndo_mpage_readpage+0xddf/0x1ef0\nmpage_readahead+0x264/0x500\nread_pages+0x1c1/0xbf0\npage_cache_ra_unbounded+0x471/0x6f0\ndo_page_cache_ra+0xda/0x110\nondemand_readahead+0x442/0xae0\npage_cache_async_ra+0x210/0x300\ngeneric_file_buffered_read+0x4d9/0x2130\ngeneric_file_read_iter+0x315/0x490\nblkdev_read_iter+0x113/0x1b0\naio_read+0x2ad/0x450\nio_submit_one+0xc8e/0x1d60\n__se_sys_io_submit+0x125/0x350\ndo_syscall_64+0x2d/0x40\nentry_SYSCALL_64_after_hwframe+0x44/0xa9\nFreed by task 0:\nkasan_save_stack+0x19/0x40\nkasan_set_track+0x1c/0x30\nkasan_set_free_info+0x1b/0x30\n__kasan_slab_free+0x111/0x160\nkmem_cache_free+0x94/0x460\nmempool_free+0xd6/0x320\nbio_free+0xe0/0x130\nbio_put+0xab/0xe0\nbio_endio+0x3a6/0x5d0\nblk_update_request+0x590/0x1370\nscsi_end_request+0x7d/0x400\nscsi_io_completion+0x1aa/0xe50\nscsi_softirq_done+0x11b/0x240\nblk_mq_complete_request+0xd4/0x120\nscsi_mq_done+0xf0/0x200\nvirtscsi_vq_done+0xbc/0x150\nvring_interrupt+0x179/0x390\n__handle_irq_event_percpu+0xf7/0x490\nhandle_irq_event_percpu+0x7b/0x160\nhandle_irq_event+0xcc/0x170\nhandle_edge_irq+0x215/0xb20\ncommon_interrupt+0x60/0x120\nasm_common_interrupt+0x1e/0x40\nFix this by move BIO_THROTTLED set into the queue_lock." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2022-11-15T00:00:00Z",
    "advisory" : "RHSA-2022:8267",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "kernel-0:5.14.0-162.6.1.el9_1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Not affected",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Affected",
    "package_name" : "kernel-rt",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-49465\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-49465\nhttps://lore.kernel.org/linux-cve-announce/2025022601-CVE-2022-49465-c14f@gregkh/T" ],
  "name" : "CVE-2022-49465",
  "csaw" : false
}